Home > CAPEC List > CAPEC-293: Traceroute Route Enumeration (Version 2.9)  

CAPEC-293: Traceroute Route Enumeration

 
Traceroute Route Enumeration
Definition in a New Window Definition in a New Window
Attack Pattern ID: 293
Abstraction: Detailed
Status: Draft
Completeness: Stub
Presentation Filter:
+ Summary

An attacker uses a traceroute utility to map out the route which data flows through the network in route to a target destination. Tracerouting can allow an attacker to construct a working topology of systems and routers by listing the systems through which data passes through on their way to the targeted machine. This attack can return varied results depending upon the type of traceroute that is performed. Traceroute works by sending packets to a target while incrementing the Time-to-Live field in the packet header. As the packet traverses each hop along its way to the destination, its TTL expires generating an ICMP diagnostic message that identifies where the packet expired. Traditional techniques for tracerouting involved the use of ICMP and UDP. As more firewalls began to filter ingress ICMP, methods of traceroute using TCP were developed

+ Target Attack Surface

Target Attack Surface Description

Targeted OSI Layers: Network Layer Transport Layer

Target Attack Surface Localities

Server-side

Target Attack Surface Types: Network Host Service

+ Attack Prerequisites
  • A network capable of routing the attackers' packets to the destination network.

+ Typical Severity

Low

+ Resources Required

A command line version of traceroute or similar tool that performs route enumeration.

+ Attack Motivation-Consequences
ScopeTechnical ImpactNote
Confidentiality
"Varies by context"
+ References
[R.293.1] [REF-20] Stuart McClure, Joel Scambray and George Kurtz. "Hacking Exposed: Network Security Secrets & Solutions". Chapter 2: Scanning, pp. 38-41. 6th Edition. McGraw Hill. 2009.
+ Content History
Submissions
SubmitterOrganizationDateSource
CAPEC Content TeamThe MITRE Corporation2014-06-23Internal_CAPEC_Team

More information is available — Please select a different filter.
Page Last Updated or Reviewed: December 07, 2015